This commit is contained in:
Hendrik Sokolowski 2022-08-19 19:42:42 +02:00
parent 5117333177
commit 06d72216b5
7 changed files with 82 additions and 209 deletions


@ -20,26 +20,6 @@
"type": "github" "type": "github"
} }
}, },
"beautysh": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1641830469,
"narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=",
"owner": "lovesegfault",
"repo": "beautysh",
"rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb",
"type": "github"
},
"original": {
"owner": "lovesegfault",
"repo": "beautysh",
"type": "github"
}
},
"blank": { "blank": {
"locked": { "locked": {
"lastModified": 1625557891, "lastModified": 1625557891,
@ -55,31 +35,6 @@
"type": "github" "type": "github"
} }
}, },
"bud": {
"inputs": {
"beautysh": "beautysh",
"devshell": [
"digga",
"devshell"
],
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1654190822,
"narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=",
"owner": "divnix",
"repo": "bud",
"rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "bud",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -145,7 +100,7 @@
}, },
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"digga", "digga",
"nixpkgs" "nixpkgs"
@ -251,11 +206,11 @@
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1631561581, "lastModified": 1642700792,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -266,7 +221,7 @@
}, },
"flake-utils-plus": { "flake-utils-plus": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3" "flake-utils": "flake-utils_2"
}, },
"locked": { "locked": {
"lastModified": 1654029967, "lastModified": 1654029967,
@ -284,21 +239,6 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": { "locked": {
"lastModified": 1644229661, "lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
@ -313,22 +253,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_3": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": { "locked": {
"lastModified": 1649676176, "lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
@ -436,27 +361,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-dram": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"latest"
]
},
"locked": {
"lastModified": 1660180791,
"narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=",
"owner": "dramforever",
"repo": "nix-dram",
"rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2",
"type": "github"
},
"original": {
"owner": "dramforever",
"repo": "nix-dram",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1636849918, "lastModified": 1636849918,
@ -491,7 +395,7 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1660661347, "lastModified": 1660661347,
@ -524,16 +428,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1633971123, "lastModified": 1637186689,
"narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -554,22 +458,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1637186689,
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 0, "lastModified": 0,
@ -585,7 +473,7 @@
"nvfetcher": { "nvfetcher": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
] ]
@ -604,37 +492,9 @@
"type": "github" "type": "github"
} }
}, },
"poetry2nix": {
"inputs": {
"flake-utils": [
"bud",
"beautysh",
"flake-utils"
],
"nixpkgs": [
"bud",
"beautysh",
"nixpkgs"
]
},
"locked": {
"lastModified": 1633382856,
"narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"bud": "bud",
"darwin": "darwin", "darwin": "darwin",
"deploy": "deploy", "deploy": "deploy",
"digga": "digga", "digga": "digga",
@ -642,7 +502,6 @@
"latest": "latest_2", "latest": "latest_2",
"musnix": "musnix", "musnix": "musnix",
"naersk": "naersk", "naersk": "naersk",
"nix-dram": "nix-dram",
"nixos": "nixos", "nixos": "nixos",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",


@ -133,10 +133,10 @@
iso = base ++ [ base-user graphical pub-solar-iso ]; iso = base ++ [ base-user graphical pub-solar-iso ];
pubsolaros = [ base-user users.root ]; pubsolaros = [ base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ]; anonymous = [ pubsolaros users.pub-solar ];
pubsolaros-light = [ core-light base-user users.root ]; pubsolaros-light = [ base-user users.root ];
hensoko = pubsolaros ++ [ users.hensoko ]; hensoko = pubsolaros ++ [ users.hensoko ];
hensoko-light = pubsolaros-light ++ [ users.hensoko ]; hensoko-light = pubsolaros-light ++ [ users.hensoko ];
hensoko-iot = [ core-light base-user users.root users.hensoko ]; hensoko-iot = [ base-user users.root users.hensoko ];
# server # server
cube = hensoko-iot; cube = hensoko-iot;
@ -182,8 +182,7 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
cube = { cube = { };
};
companion = { companion = {
#profilesOrder = [ "system" "direnv" ]; #profilesOrder = [ "system" "direnv" ];
#profiles.direnv = { #profiles.direnv = {
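Review bot: `pubsolaros-light = [ base-user users.root ];` on the changed line is now the same list as `pubsolaros` two lines above it, and `hensoko-iot = [ base-user users.root users.hensoko ];` is equivalent to `hensoko = pubsolaros ++ [ users.hensoko ];`, so the `-light`/`-iot` names no longer express any difference once `core-light` is gone. Either collapse them so the next reader does not hunt for a distinction that is not there — `pubsolaros-light = pubsolaros;` and `hensoko-iot = hensoko;` — or leave a one-line comment saying the light variants are kept as extension points for a future slimmer core. The `cube = { };` deploy node in the second hunk is fine as written, but a comment noting that it deliberately takes all defaults would stop it reading like an unfinished edit. The suites attrset and the deploy.nodes block both continue outside the hunks.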


@ -5,10 +5,10 @@
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./home-controller.nix
./acme.nix ./acme.nix
./home-assistant.nix ./home-assistant.nix
./nextcloud.nix ./nextcloud.nix
./wireguard.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -34,7 +34,7 @@
services.openssh.ports = [ 2222 ]; services.openssh.ports = [ 2222 ];
networking.firewall.allowedTCPPorts = [ 2222 ]; networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
networking.firewall.allowedUDPPorts = [ 51899 ]; networking.firewall.allowedUDPPorts = [ 51899 ];
networking.firewall.enable = lib.mkForce true; networking.firewall.enable = lib.mkForce true;
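Review bot: The widened `networking.firewall.allowedTCPPorts = [ 80 443 2222 ];` carries no comment tying 80/443 to the services that need them (presumably the web server pulled in by `./acme.nix` and `./nextcloud.nix`, which I cannot see), so the next audit of cube's exposed surface has to guess. A short comment on that line such as `# 80/443: HTTPS front end for ACME challenges and Nextcloud; 2222: sshd (services.openssh.ports)` would document the intent. If port 80 exists only for the HTTP-01 challenge and an HTTPS redirect, say so, so it is not later mistaken for an unencrypted service endpoint. The UDP 51899 entry matches the `listenPort` in the new wireguard.nix, which is good; a cross-reference comment there would keep the two from drifting apart.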


@ -9,5 +9,5 @@ in
./configuration.nix ./configuration.nix
]; ];
pub-solar.core.disk-encryption-active = false;
} }
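Review bot: The side of `pub-solar.core.disk-encryption-active = false;` cannot be recovered from this render (the hunk keeps 5 lines on both sides and its counterpart line is not shown), but if it is being added it deserves a why-comment: this host carries the Nextcloud data directory and decrypts the agenix secrets at boot, so a reader should see that disabling the flag is a deliberate hardware decision rather than a template leftover, e.g. `# cube's root disk is not LUKS-encrypted; see hardware-configuration.nix`. I cannot see the option's definition in the pub-solar core module, so I am not judging what it actually toggles — only that a security-relevant boolean set to `false` should explain itself.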


@ -1,48 +0,0 @@
{ self, config, pkgs, ... }:
{
config = {
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "agent";
ownIp = "10.0.1.5";
k3s = {
enableLocalStorage = false;
enableZfs = false;
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
}
{
# hsha
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
allowedIPs = [ "10.0.1.254/32" ];
}
];
};
};
};
}


@ -52,7 +52,7 @@
package = pkgs.nextcloud24; package = pkgs.nextcloud24;
hostName = "data.gssws.de"; hostName = "data.gssws.de";
https = true; https = true;
#datadir = "/mnt/internal/nextcloud"; datadir = "/mnt/internal/nextcloud";
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
autoUpdateApps.startAt = "05:00:00"; autoUpdateApps.startAt = "05:00:00";
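Review bot: Activating `datadir = "/mnt/internal/nextcloud";` on an instance that may already have been initialised is the thing to confirm before deploying: Nextcloud records its data directory at install time and, as far as I know, the NixOS module does not migrate existing user files, so if cube was first deployed with the default datadir the old directory must be moved (ownership preserved) before this switch or the instance will come up without its data. It is also worth pinning the mount ordering — something like `systemd.services.nextcloud-setup.requires = [ "mnt-internal.mount" ];` with a matching `after` — so a boot where `/mnt/internal` is late does not have the setup script create an empty tree on the root filesystem. I cannot see where `/mnt/internal` is defined, so treat the ordering remark as something to verify against hardware-configuration.nix. The `services.nextcloud` attrset starts and ends outside the hunk.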

63
hosts/cube/wireguard.nix Normal file

@ -0,0 +1,63 @@
{ self, config, pkgs, ... }:
{
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
# Enable WireGuard
networking.wireguard.interfaces = {
wg1 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [ "10.0.1.5" ];
listenPort = 51899; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# hsha
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
allowedIPs = [ "10.0.1.254/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
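Review bot: The restart policy on `systemd.services.wireguard-wg0.serviceConfig.Restart` and `RestartSec` targets unit `wireguard-wg0`, but the only interface this file defines is `wg1`, so the module will generate `wireguard-wg1.service` and these two settings attach to a unit that does not exist — the tunnel gets no restart-on-failure at all. Rename both to `systemd.services.wireguard-wg1.serviceConfig.Restart = "on-failure";` and `systemd.services.wireguard-wg1.serviceConfig.RestartSec = "5s";`, or rename the interface to `wg0`, whichever the other hosts expect. The comment `# For a client configuration, one peer entry for the server will suffice.` is copied from the upstream example and is misleading here: with `listenPort = 51899` set and four peers that have no `endpoint`, cube is the listening hub and the peers dial in, so replace it with `# cube is the hub: peers initiate to us on 51899, hence no endpoint per peer.` and add `# must match networking.firewall.allowedUDPPorts in configuration.nix` next to `listenPort`. `ips = [ "10.0.1.5" ]` has no prefix length; if the intent is the 10.0.1.0/24 overlay, `"10.0.1.5/24"` documents that, though per-peer /32 allowedIPs keep traffic correctly scoped either way.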
}